@umacloud/knowledge@1.0.26

UmaDev curated engineering knowledge corpus (standards, methodologies, expert playbooks, design systems, miniprogram/uniapp guides). Platform-independent data shipped once so npm users get the full KB offline.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a markdown-only knowledge corpus with no executable entrypoints or lifecycle hooks.

Static reason: One or more suspicious static signals were detected.
Trigger: Reading markdown content through a consuming application
Impact: No package-controlled code execution or exfiltration identified
Mechanism: Static documentation corpus
Rationale: Static inspection shows the scanner hit is a didactic hardcoded-secret example inside markdown, not a live credential or executable behavior. With no lifecycle hooks, entrypoints, dependencies, or executable files, the package aligns with its documented offline knowledge-corpus purpose.
Evidence: package.json, README.md, security/04-antipatterns/security-coding-antipatterns.md

Decision evidence

public snapshot
AI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
  • security/04-antipatterns/security-coding-antipatterns.md contains an AWS-looking example key in a fenced 'bad' code sample
  • Many markdown guides include example commands/URLs, but only as documentation text
Evidence against
  • package.json has no scripts, main, module, bin, browser, or dependencies
  • package.json files allow only markdown; package contains 463 .md files and package.json
  • No non-markdown executable source files found
  • README.md describes an offline engineering knowledge corpus consumed by a separate launcher
  • Flagged secret string is AWS's documented dummy prefix pattern ending EXAMPLE/EXAMPLEKEY in an antipattern guide
  • No install-time/import-time execution, file writes, credential harvesting, or exfiltration code found
Behavioral surface
Source: No risky source behavior triggered.
Supply chain: No supply-chain packaging signals triggered.
Manifest: No manifest risk signals triggered.
scanned 0 file(s), 0 B of source

Source & flagged code

28 flagged
security/04-antipatterns/security-coding-antipatterns.md
  • patternName = aws_access_key severity = critical line = 33 matchedText = AWS_ACCE...PLE"
    Critical · Critical Secret: Package contains a critical-looking secret pattern.
  • patternName = aws_access_key severity = critical line = 33 matchedText = AWS_ACCE...PLE"
    Critical · Secret Pattern: AWS access key ID in security/04-antipatterns/security-coding-antipatterns.md
devops/01-standards/terraform-complete.md
  • patternName = generic_password severity = medium line = 2020 matchedText = db_passw...要这样做
    Medium · Secret Pattern: Hardcoded password in devops/01-standards/terraform-complete.md
  • patternName = generic_password severity = medium line = 2023 matchedText = # export...ord"
    Medium · Secret Pattern: Hardcoded password in devops/01-standards/terraform-complete.md
cloud-native/04-antipatterns/k8s-antipatterns.md
  • patternName = generic_password severity = medium line = 443 matchedText = password...# 明文
    Medium · Secret Pattern: Hardcoded password in cloud-native/04-antipatterns/k8s-antipatterns.md
  • patternName = generic_password severity = medium line = 456 matchedText = password... 已加密
    Medium · Secret Pattern: Hardcoded password in cloud-native/04-antipatterns/k8s-antipatterns.md
cloud-native/01-standards/kubernetes-complete.md
  • patternName = generic_password severity = medium line = 457 matchedText = password...ere"
    Medium · Secret Pattern: Hardcoded password in cloud-native/01-standards/kubernetes-complete.md
cloud-native/01-standards/container-security.md
  • patternName = generic_password severity = medium line = 355 matchedText = password... }}"
    Medium · Secret Pattern: Hardcoded password in cloud-native/01-standards/container-security.md
cloud-native/02-playbooks/gitops-with-argocd.md
  • patternName = generic_password severity = medium line = 606 matchedText = password...cret
    Medium · Secret Pattern: Hardcoded password in cloud-native/02-playbooks/gitops-with-argocd.md
cloud-native/02-playbooks/terraform-iac-playbook.md
  • patternName = generic_password severity = medium line = 107 matchedText = db_passw...123"
    Medium · Secret Pattern: Hardcoded password in cloud-native/02-playbooks/terraform-iac-playbook.md
frontend/01-standards/react-hooks-complete.md
  • patternName = generic_password severity = medium line = 799 matchedText = if (!val...ed';
    Medium · Secret Pattern: Hardcoded password in frontend/01-standards/react-hooks-complete.md
security/secrets-management.md
  • patternName = generic_password severity = medium line = 58 matchedText = db_passw...)" \
    Medium · Secret Pattern: Hardcoded password in security/secrets-management.md
  • patternName = generic_password severity = medium line = 331 matchedText = db_passw...4 编码
    Medium · Secret Pattern: Hardcoded password in security/secrets-management.md
development/04-antipatterns/security-antipatterns.md
  • patternName = aws_access_key severity = critical line = 28 matchedText = AWS_ACCE...PLE"
    Critical · Secret Pattern: AWS access key ID in development/04-antipatterns/security-antipatterns.md
development/01-standards/oauth2-complete.md
  • patternName = generic_password severity = medium line = 254 matchedText = password...ord'
    Medium · Secret Pattern: Hardcoded password in development/01-standards/oauth2-complete.md
development/01-standards/postgresql-complete.md
  • patternName = generic_password severity = medium line = 378 matchedText = passwo...
    Medium · Secret Pattern: Hardcoded password in development/01-standards/postgresql-complete.md
backend/04-antipatterns/backend-antipatterns.md
  • patternName = generic_password severity = medium line = 949 matchedText = password...23",
    Medium · Secret Pattern: Hardcoded password in backend/04-antipatterns/backend-antipatterns.md
backend/01-standards/nestjs-complete.md
  • patternName = generic_password severity = medium line = 1624 matchedText = .send({ ...' })
    Medium · Secret Pattern: Hardcoded password in backend/01-standards/nestjs-complete.md
backend/01-standards/django-complete.md
  • patternName = generic_password severity = medium line = 1155 matchedText = email="t...123"
    Medium · Secret Pattern: Hardcoded password in backend/01-standards/django-complete.md
  • patternName = generic_password severity = medium line = 1184 matchedText = email="a...123"
    Medium · Secret Pattern: Hardcoded password in backend/01-standards/django-complete.md
testing/02-playbooks/e2e-testing-playbook.md
  • patternName = generic_password severity = medium line = 601 matchedText = const pa...56';
    Medium · Secret Pattern: Hardcoded password in testing/02-playbooks/e2e-testing-playbook.md
data-engineering/01-standards/airflow-complete.md
  • patternName = generic_password severity = medium line = 477 matchedText = password...123"
    Medium · Secret Pattern: Hardcoded password in data-engineering/01-standards/airflow-complete.md
experts/qa-lead/test-strategy.md
  • patternName = generic_password severity = medium line = 68 matchedText = let req ..." };
    Medium · Secret Pattern: Hardcoded password in experts/qa-lead/test-strategy.md
data/01-standards/redis-complete.md
  • patternName = generic_password severity = medium line = 552 matchedText = master =...rd")
    Medium · Secret Pattern: Hardcoded password in data/01-standards/redis-complete.md
  • patternName = generic_password severity = medium line = 556 matchedText = slave = ...rd")
    Medium · Secret Pattern: Hardcoded password in data/01-standards/redis-complete.md
  • patternName = generic_password severity = medium line = 595 matchedText = password...rd",
    Medium · Secret Pattern: Hardcoded password in data/01-standards/redis-complete.md
data/01-standards/postgresql-complete.md
  • patternName = generic_password severity = medium line = 764 matchedText = password...RD}"
    Medium · Secret Pattern: Hardcoded password in data/01-standards/postgresql-complete.md
  • patternName = generic_password severity = medium line = 767 matchedText = password...RD}"
    Medium · Secret Pattern: Hardcoded password in data/01-standards/postgresql-complete.md

Findings

3 Critical · 25 Medium
  • Critical · Critical Secret · security/04-antipatterns/security-coding-antipatterns.md
  • Critical · Secret Pattern · security/04-antipatterns/security-coding-antipatterns.md
  • Critical · Secret Pattern · development/04-antipatterns/security-antipatterns.md
  • Medium · Secret Pattern · devops/01-standards/terraform-complete.md
  • Medium · Secret Pattern · devops/01-standards/terraform-complete.md
  • Medium · Secret Pattern · cloud-native/04-antipatterns/k8s-antipatterns.md
  • Medium · Secret Pattern · cloud-native/04-antipatterns/k8s-antipatterns.md
  • Medium · Secret Pattern · cloud-native/01-standards/kubernetes-complete.md
  • Medium · Secret Pattern · cloud-native/01-standards/container-security.md
  • Medium · Secret Pattern · cloud-native/02-playbooks/gitops-with-argocd.md
  • Medium · Secret Pattern · cloud-native/02-playbooks/terraform-iac-playbook.md
  • Medium · Secret Pattern · frontend/01-standards/react-hooks-complete.md
  • Medium · Secret Pattern · security/secrets-management.md
  • Medium · Secret Pattern · security/secrets-management.md
  • Medium · Secret Pattern · development/01-standards/oauth2-complete.md
  • Medium · Secret Pattern · development/01-standards/postgresql-complete.md
  • Medium · Secret Pattern · backend/04-antipatterns/backend-antipatterns.md
  • Medium · Secret Pattern · backend/01-standards/nestjs-complete.md
  • Medium · Secret Pattern · backend/01-standards/django-complete.md
  • Medium · Secret Pattern · backend/01-standards/django-complete.md
  • Medium · Secret Pattern · testing/02-playbooks/e2e-testing-playbook.md
  • Medium · Secret Pattern · data-engineering/01-standards/airflow-complete.md
  • Medium · Secret Pattern · experts/qa-lead/test-strategy.md
  • Medium · Secret Pattern · data/01-standards/redis-complete.md
  • Medium · Secret Pattern · data/01-standards/redis-complete.md
  • Medium · Secret Pattern · data/01-standards/redis-complete.md
  • Medium · Secret Pattern · data/01-standards/postgresql-complete.md
  • Medium · Secret Pattern · data/01-standards/postgresql-complete.md